Want to allow SNMP in FreeBSD Server

M

mahip_nix

Hi friends,

I need your help to allow the SNMP port (udp/161) on my freeBSD FreeBSD server "7.3-RELEASE-p1". I have my monitoring system and I am monitoring my linux servers through the SNMP protocol. I installed SNMP on my FreeBSD server but am not able to get details using the snmpwalk command from my monitoring system. I think my "OpenBSD Packet Filter" firewall is blocking SNMP trafic from outside the server. Please help me to allow SNMP trafic from outside network or specific IP address.

Thanks in advance,
Mahip_nix
 
Hi SirDice,

Thanks for you prompt response. Please find the current rules below in the /etc/pf.conf file.

Code: 
table <nnn-white> persist file "/var/db/whitelist.txt"

scrub in all

no rdr inet proto tcp from { <spamd-white>, <nnn-white> } to any port smtp
rdr inet proto tcp from !127.0.0.1 to any port smtp -> 127.0.0.1 port spamd


pass in proto udp from any to any port = 161 keep state
pass out proto udp from any to any port = 161 keep state

block webdeal host
block in proto tcp from X.X.X.X to any port smtp

Thanks,
Mahip_nix
 
Traffic isn't blocked and should be allowed by your rules.

Are you getting time-outs with snmpwalk(1)? It's probably the wrong community string you're using. Also make sure snmpd is actually running.
 
Hi SirDice,

I checked the snmpd.conf file and it has community "public". Below is the command which I used to get detail through SNMP.

[cmd=]snmpwalk -v1 -cpublic 88.87.56.226[/cmd]

I am getting the below error message.

Code: 
Timeout: No Response from X.X.X.X

Do you have any clue how can I resolve this.
 
Hi SirDice,

Yes SNMPD is working on the server, check below screenshot for your reference.

Code: 
# /usr/local/etc/rc.d/snmpd status
snmpd is running as pid 25869.

Code: 
dns3# sockstat -4 -l |grep snmp
root     snmpd      25869 8  udp4   *:161                 *:*
root     snmpd      25869 9  tcp4   *:199                 *:*
 
Hi SirDice,

It is not working on the same host either.

Code: 
snmpwalk -v1 -cpublic localhost
Timeout: No Response from localhost
 
It looks as though you are only passing UDP and not TCP. Perhaps this is the problem. Perhaps the redirection statement is also wrecking havoc.

Does SNMP work if you disable the firewall?
 
You must log in or register to reply here.
Back
Top